[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-580-g257ea8f
Matthias Dieter Wallnöfer
mdw at samba.org
Sun Sep 20 16:04:48 MDT 2009
The branch, master has been updated
via 257ea8f96f4bb56edacdeba37e5fc16bb6ac2bc3 (commit)
via c1527612b95cb7bc5bee7ebc34ab87013ab88b8a (commit)
via 500fc020b2776392428426af0d5976c74ec8fd9b (commit)
via 1516f673565ecba8ad0fc10500bb94bcd539e58b (commit)
via d4389a230b6aea5a0b2a98e255b14a59c8248b0b (commit)
via 6ec69f3e779997c34f5f446f2983f5fb7ddb62fb (commit)
via dedd32d323db406c966170565e7716dc7634e4ce (commit)
via 10fe59bed9556a6bf61004e9da6fd8544737a48a (commit)
from ae56b0f2f96cea7a77b0a19c0d16d94ad971fb3f (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 257ea8f96f4bb56edacdeba37e5fc16bb6ac2bc3
Merge: c1527612b95cb7bc5bee7ebc34ab87013ab88b8a ae56b0f2f96cea7a77b0a19c0d16d94ad971fb3f
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Mon Sep 21 00:03:42 2009 +0200
Merge branch 'master' of git://git.samba.org/samba
commit c1527612b95cb7bc5bee7ebc34ab87013ab88b8a
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Sun Sep 20 23:49:05 2009 +0200
s4:python tools - try to fix some test problems
commit 500fc020b2776392428426af0d5976c74ec8fd9b
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Sun Sep 20 23:27:47 2009 +0200
s4:samba3sam.py test - remove the primary group ID attribute here
This shouldn't be specified on creation time (Windows Server doesn't allow that).
Hope this also fixes the test (see buildfarm).
commit 1516f673565ecba8ad0fc10500bb94bcd539e58b
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Sun Sep 20 23:16:04 2009 +0200
s4:sec_descriptor - fix constant
commit d4389a230b6aea5a0b2a98e255b14a59c8248b0b
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Sun Sep 20 23:07:22 2009 +0200
blackbox:test_kinit - Remove the "-H" (hive) parameter
The "enableaccount" script now works only on a local LDB - therefore remove
this parameter.
commit 6ec69f3e779997c34f5f446f2983f5fb7ddb62fb
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Sun Sep 20 22:49:55 2009 +0200
s4:dsdb/common/util - Check for the right forest/domain function level
This adds a function which performs the check for the supported forest and
domain function levels. On an unsuccessful result a textual error message can
be created (parameter "errmsg" != NULL) which gives the user hints to help
fix the issue.
commit dedd32d323db406c966170565e7716dc7634e4ce
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Sun Sep 20 22:17:35 2009 +0200
s4:server.c - add linespace (only cosmetic)
commit 10fe59bed9556a6bf61004e9da6fd8544737a48a
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Sun Sep 20 21:25:49 2009 +0200
s4:domainlevel - fixed another error
The second "nTMixedDomain" attribute (under Partitions/Domain-DN) is only a
copy of the one under the directory root object. Therefore the
"Windows 2000 Mixed" forest level doesn't exist.
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/common/util.c | 57 +++++++++++++++++++++
source4/dsdb/samdb/ldb_modules/tests/samba3sam.py | 9 +---
source4/lib/ldb/tests/python/sec_descriptor.py | 8 ++--
source4/scripting/python/samba/samdb.py | 26 +++++----
source4/setup/domainlevel | 35 +++---------
source4/setup/newuser | 2 +-
source4/setup/setexpiry | 2 +-
source4/smbd/server.c | 3 +-
testprogs/blackbox/test_kinit.sh | 2 +-
9 files changed, 91 insertions(+), 53 deletions(-)
mode change 100644 => 100755 source4/lib/ldb/tests/python/sec_descriptor.py
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 39fdfe9..1fe5979 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1433,6 +1433,63 @@ struct ldb_dn *samdb_server_site_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx
}
/*
+ * This works out if we are running on a supported forest/domain function
+ * level. Basically this means that we don't support mixed/interim (NT 4 DC
+ * support) levels.
+ * If errmsg isn't NULL we write in an adequate error message for printing out
+ * to the screen.
+ */
+bool samdb_is_capable_dc(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
+ char **errmsg)
+{
+ int32_t level_forest, level_domain, level_domain_mixed;
+ bool ret = true;
+
+ level_forest = (int32_t) samdb_search_int64(ldb, mem_ctx, -1,
+ samdb_partitions_dn(ldb, mem_ctx), "msDS-Behavior-Version",
+ NULL);
+ level_domain = (int32_t) samdb_search_int64(ldb, mem_ctx, -1,
+ samdb_base_dn(ldb), "msDS-Behavior-Version", NULL);
+ level_domain_mixed = (int32_t) samdb_search_int64(ldb, mem_ctx, -1,
+ samdb_base_dn(ldb), "nTMixedDomain", NULL);
+
+ if (errmsg != NULL)
+ *errmsg = talloc_asprintf(mem_ctx, "");
+
+ if (level_forest == -1 || level_domain == -1 || level_domain_mixed == -1) {
+ ret = false;
+ if (errmsg != NULL)
+ *errmsg = talloc_strdup_append(*errmsg,
+ "\nATTENTION: Invalid values for forest and/or domain function level!"
+ );
+ }
+
+ if (level_forest == DS_DOMAIN_FUNCTION_2003_MIXED) {
+ ret = false;
+ if (errmsg != NULL)
+ *errmsg = talloc_strdup_append(*errmsg,
+ "\nATTENTION: You run SAMBA 4 on the 2003 with mixed domains (NT4 DC support) forest level. This isn't supported!"
+ );
+ }
+ if ((level_domain == DS_DOMAIN_FUNCTION_2000 && level_domain_mixed != 0)
+ || level_domain == DS_DOMAIN_FUNCTION_2003_MIXED) {
+ ret = false;
+ if (errmsg != NULL)
+ *errmsg = talloc_strdup_append(*errmsg,
+ "\nATTENTION: You run SAMBA 4 on a mixed/interim (NT4 DC support) domain level. This isn't supported!"
+ );
+ }
+
+ if ((!ret) && (errmsg != NULL)) {
+ *errmsg = talloc_strdup_append(*errmsg,
+ "\nPlease raise the domain and/or forest level to an adequate value. Use for this the 'domainlevel' tool, the MS AD MMC tools or manipulate the needed attributes directly."
+ );
+ }
+
+ return ret;
+}
+
+/*
work out if we are the PDC for the domain of the current open ldb
*/
bool samdb_is_pdc(struct ldb_context *ldb)
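Review bot: In `samdb_is_capable_dc` the result of `talloc_asprintf(mem_ctx, "")` is never checked, yet every later `talloc_strdup_append(*errmsg, ...)` builds on it. As far as I know talloc's append on a NULL string falls back to a new string on the NULL context, so after a failed first allocation the message would no longer be owned by `mem_ctx`. A failed append likewise leaves `*errmsg` NULL while the function returns false, which a caller printing it with `%s` has to handle. I would seed it with `*errmsg = talloc_strdup(mem_ctx, "");`, return false when that is NULL, and state in the header comment that the string belongs to `mem_ctx` and may be NULL on allocation failure. The DN from `samdb_partitions_dn(ldb, mem_ctx)` is also left on the caller's context and is not checked for NULL before the search; the hunk ends inside `samdb_is_pdc`, which continues outside it.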
diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py
index 75aaeb7..fe96b88 100644
--- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py
+++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py
@@ -323,8 +323,6 @@ nextRid: y
lastLogon: x
description: x
objectSid: S-1-5-21-4231626423-2410014848-2360679739-552
-primaryGroupID: 1-5-21-4231626423-2410014848-2360679739-512
-
""")
self.ldb.add({
@@ -486,11 +484,8 @@ primaryGroupID: 1-5-21-4231626423-2410014848-2360679739-512
self.assertEquals(str(res[0]["lastLogon"]), "x")
self.assertEquals(str(res[0]["primaryGroupID"]), "512")
- # TODO: There should actually be two results, A and X. The
- # primaryGroupID of X seems to get corrupted somewhere, and the
- # objectSid isn't available during the generation of remote (!) data,
- # which can be observed with the following search. Also note that Xs
- # objectSid seems to be fine in the previous search for objectSid... */
+ # Note that Xs "objectSid" seems to be fine in the previous search for
+ # "objectSid"...
#res = ldb.search(expression="(primaryGroupID=*)", NULL, ldb. SCOPE_DEFAULT, attrs)
#print len(res) + " results found"
#for i in range(len(res)):
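Review bot: The shortened comment `# Note that Xs "objectSid" seems to be fine in the previous search for "objectSid"...` no longer says what it is being contrasted with, because the TODO that explained the problem was removed while the commented-out search below it was kept. Either drop the comment together with the dead code, or replace it with one line that states why the block is disabled, for example `# Disabled debug search on primaryGroupID; kept for reference.` The test method starts and ends outside this hunk.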
diff --git a/source4/lib/ldb/tests/python/sec_descriptor.py b/source4/lib/ldb/tests/python/sec_descriptor.py
old mode 100644
new mode 100755
index 58a3454..01df86e
--- a/source4/lib/ldb/tests/python/sec_descriptor.py
+++ b/source4/lib/ldb/tests/python/sec_descriptor.py
@@ -24,11 +24,11 @@ from samba.ndr import ndr_pack, ndr_unpack
from samba.dcerpc import security
from samba.auth import system_session
-from samba import Ldb, DS_BEHAVIOR_WIN2008
+from samba import Ldb, DS_DOMAIN_FUNCTION_2008
from subunit import SubunitTestRunner
import unittest
-parser = optparse.OptionParser("ldap [options] <host>")
+parser = optparse.OptionParser("sec_descriptor [options] <host>")
sambaopts = options.SambaOptions(parser)
parser.add_option_group(sambaopts)
parser.add_option_group(options.VersionOptions(parser))
@@ -374,7 +374,7 @@ changetype: add
member: """ + user_dn
self.ldb_admin.modify_ldif(ldif)
self.results = {
- # msDS-Behavior-Version < DS_BEHAVIOR_WIN2008
+ # msDS-Behavior-Version < DS_DOMAIN_FUNCTION_2008
"ds_behavior_win2003" : {
"100" : "O:EAG:DU",
"101" : "O:DAG:DU",
@@ -481,7 +481,7 @@ member: """ + user_dn
res = self.ldb_admin.search(base=self.base_dn, expression="distinguishedName=%s" % self.base_dn, \
attrs=['msDS-Behavior-Version'])
res = int(res[0]['msDS-Behavior-Version'][0])
- if res < DS_BEHAVIOR_WIN2008:
+ if res < DS_DOMAIN_FUNCTION_2008:
self.DS_BEHAVIOR = "ds_behavior_win2003"
else:
self.DS_BEHAVIOR = "ds_behavior_win2008"
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index 28352f2..239dd6a 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -107,15 +107,16 @@ pwdLastSet: 0
""" % (user_dn)
self.modify_ldif(mod)
- def newuser(self, username, unixname, password, force_password_change_at_next_login=False):
+ def newuser(self, username, unixname, password, force_password_change_at_next_login_req=False):
"""Adds a new user
Note: This call adds also the ID mapping for winbind; therefore it works
*only* on SAMBA 4.
- :param username: Name of the new user.
- :param unixname: Name of the unix user to map to.
+ :param username: Name of the new user
+ :param unixname: Name of the unix user to map to
:param password: Password for the new user
+ :param force_password_change_at_next_login_req: Force password change
"""
self.transaction_start()
try:
@@ -129,7 +130,7 @@ pwdLastSet: 0
# Sets the password for it
self.setpassword("(dn=" + user_dn + ")", password,
- force_password_change_at_next_login)
+ force_password_change_at_next_login_req)
# Gets the user SID (for the account mapping setup)
res = self.search(user_dn, scope=ldb.SCOPE_BASE,
@@ -153,7 +154,7 @@ pwdLastSet: 0
raise
self.transaction_commit()
- def setpassword(self, filter, password, force_password_change_at_next_login=False):
+ def setpassword(self, filter, password, force_password_change_at_next_login_req=False):
"""Sets the password for a user
Note: This call uses the "userPassword" attribute to set the password.
@@ -162,7 +163,7 @@ pwdLastSet: 0
:param filter: LDAP filter to find the user (eg samccountname=name)
:param password: Password for the user
- :param force_password_change_at_next_login: Force password change
+ :param force_password_change_at_next_login_req: Force password change
"""
self.transaction_start()
try:
@@ -180,8 +181,9 @@ userPassword:: %s
self.modify_ldif(setpw)
- if force_password_change_at_next_login:
- self.force_password_change_at_next_login(user_dn)
+ if force_password_change_at_next_login_req:
+ self.force_password_change_at_next_login(
+ "(dn=" + str(user_dn) + ")")
# modify the userAccountControl to remove the disabled bit
self.enable_account(filter)
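Review bot: The new call builds an LDAP filter by plain concatenation, `"(dn=" + str(user_dn) + ")"`, without escaping the DN. A DN whose values contain filter metacharacters such as `(`, `)`, `*` or `\` would give a filter that fails to parse or matches something other than the intended entry, and this happens inside the password-setting transaction. Since the DN is already known at this point, it would be more robust to escape the value per RFC 4515 before embedding it, or to let `force_password_change_at_next_login` take the DN and do a base-scope lookup instead of a filter search. `setpassword` starts and ends outside this hunk, so where `user_dn` comes from is not visible here.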
@@ -190,24 +192,24 @@ userPassword:: %s
raise
self.transaction_commit()
- def setexpiry(self, filter, expiry_seconds, noexpiry=False):
+ def setexpiry(self, filter, expiry_seconds, no_expiry_req=False):
"""Sets the account expiry for a user
:param filter: LDAP filter to find the user (eg samccountname=name)
:param expiry_seconds: expiry time from now in seconds
- :param noexpiry: if set, then don't expire password
+ :param no_expiry_req: if set, then don't expire password
"""
self.transaction_start()
try:
res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
expression=filter,
attrs=["userAccountControl", "accountExpires"])
- assert len(res) == 1
+ assert(len(res) == 1)
user_dn = res[0].dn
userAccountControl = int(res[0]["userAccountControl"][0])
accountExpires = int(res[0]["accountExpires"][0])
- if noexpiry:
+ if no_expiry_req:
userAccountControl = userAccountControl | 0x10000
accountExpires = 0
else:
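Review bot: `assert(len(res) == 1)` is the only guard that the caller-supplied filter matched exactly one account, and assert statements are stripped when Python runs with `-O`. In that mode a filter matching several users would silently change the expiry of whichever entry is returned first. An explicit check survives optimisation and gives a usable error: `if len(res) != 1: raise Exception("filter %r matched %d entries" % (filter, len(res)))`. The added parentheses also make `assert` read like a function call, which it is not. `setexpiry` continues past the end of this hunk.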
diff --git a/source4/setup/domainlevel b/source4/setup/domainlevel
index 9386d19..b49150f 100755
--- a/source4/setup/domainlevel
+++ b/source4/setup/domainlevel
@@ -41,7 +41,7 @@ credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)
parser.add_option("--quiet", help="Be quiet", action="store_true")
parser.add_option("--forest",
- help="The forest function level (2000 | 2003 | 2008 | 2008_R2). We don't support mixed/interim (NT4 DC support) levels.", type=str)
+ help="The forest function level (2000 | 2003 | 2008 | 2008_R2). We don't support the 2003 with mixed domains (NT4 DC support) level.", type=str)
parser.add_option("--domain",
help="The domain function level (2000 | 2003 | 2008 | 2008_R2). We don't support mixed/interim (NT4 DC support) levels.", type=str)
opts, args = parser.parse_args()
@@ -69,48 +69,40 @@ res_forest = samdb.search("CN=Partitions,CN=Configuration," + domain_dn,
scope=ldb.SCOPE_BASE, attrs=["msDS-Behavior-Version"])
assert(len(res_forest) == 1)
-res_forest_mixed = samdb.search("CN=" + lp.get("workgroup") +
- ",CN=Partitions,CN=Configuration," + domain_dn,
- scope=ldb.SCOPE_BASE, attrs=["nTMixedDomain"])
-assert(len(res_forest_mixed) == 1)
-
res_domain = samdb.search(domain_dn, scope=ldb.SCOPE_BASE,
attrs=["msDS-Behavior-Version", "nTMixedDomain"])
assert(len(res_domain) == 1)
try:
level_forest = int(res_forest[0]["msDS-Behavior-Version"][0])
- level_forest_mixed = int(res_forest_mixed[0]["nTMixedDomain"][0])
level_domain = int(res_domain[0]["msDS-Behavior-Version"][0])
level_domain_mixed = int(res_domain[0]["nTMixedDomain"][0])
if level_forest < 0 or level_domain < 0:
print "ERROR: Domain and/or forest functional level(s) is/are invalid. Correct them or reprovision!"
sys.exit(1)
- if level_forest > level_domain or (level_forest_mixed < level_domain_mixed):
+ if level_forest > level_domain:
print "ERROR: Forest function level is higher than the domain level(s). That can't be. Correct this or reprovision!"
sys.exit(1)
except:
- print "ERROR: Could not retrieve the actual domain and forest level!"
+ print "ERROR: Could not retrieve the actual domain and/or forest level!"
if args[0] == "show":
print "So the levels can't be displayed!"
sys.exit(1)
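Review bot: The bare `except:` around the level checks also catches the `SystemExit` raised by the two `sys.exit(1)` calls that appear to sit inside the `try` (indentation is lost on this page, so this is inferred). A user with an invalid or inconsistent level would then see the specific error followed by the unrelated "Could not retrieve the actual domain and/or forest level!" message. Narrowing the handler to the lookup and conversion failures, e.g. `except (KeyError, IndexError, ValueError):` (adjusted to whatever the lookups really raise), keeps the two diagnostics apart. `level_domain_mixed` is read here but, unlike the two behaviour-version values, is not range-checked before it is used further down.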
if args[0] == "show":
message("Domain and forest function level for domain '" + domain_dn + "'")
- if (level_forest == DS_DOMAIN_FUNCTION_2000 and level_forest_mixed != 0) or level_forest == DS_DOMAIN_FUNCTION_2003_MIXED:
- message("\nATTENTION: You run SAMBA 4 on a mixed/interim (NT4 DC support) forest level. This isn't supported! Please raise!")
+ if level_forest == DS_DOMAIN_FUNCTION_2003_MIXED:
+ message("\nATTENTION: You run SAMBA 4 on the 2003 with mixed domains (NT4 DC support) forest level. This isn't supported! Please raise!")
if (level_domain == DS_DOMAIN_FUNCTION_2000 and level_domain_mixed != 0) or level_domain == DS_DOMAIN_FUNCTION_2003_MIXED:
message("\nATTENTION: You run SAMBA 4 on a mixed/interim (NT4 DC support) domain level. This isn't supported! Please raise!")
message("")
- if level_forest == DS_DOMAIN_FUNCTION_2000 and level_forest_mixed != 0:
- outstr = "2000 mixed (NT4 DC support)"
- elif level_forest == DS_DOMAIN_FUNCTION_2000 and level_forest_mixed == 0:
+ if level_forest == DS_DOMAIN_FUNCTION_2000:
outstr = "2000"
elif level_forest == DS_DOMAIN_FUNCTION_2003_MIXED:
- outstr = "2003 interim (NT4 DC support)"
+ outstr = "2003 with mixed domains/interim (NT4 DC support)"
elif level_forest == DS_DOMAIN_FUNCTION_2003:
outstr = "2003"
elif level_forest == DS_DOMAIN_FUNCTION_2008:
@@ -126,7 +118,7 @@ if args[0] == "show":
elif level_domain == DS_DOMAIN_FUNCTION_2000 and level_domain_mixed == 0:
outstr = "2000"
elif level_domain == DS_DOMAIN_FUNCTION_2003_MIXED:
- outstr = "2003 interim (NT4 DC support)"
+ outstr = "2003 with mixed domains/interim (NT4 DC support)"
elif level_domain == DS_DOMAIN_FUNCTION_2003:
outstr = "2003"
elif level_domain == DS_DOMAIN_FUNCTION_2008:
@@ -193,7 +185,7 @@ elif args[0] == "raise":
print "ERROR: Wrong argument '" + arg + "'!"
sys.exit(1)
- if new_level_forest <= level_forest and level_forest_mixed == 0:
+ if new_level_forest <= level_forest:
print "ERROR: Forest function level can't be smaller equal to the actual one!"
sys.exit(1)
@@ -201,15 +193,6 @@ elif args[0] == "raise":
print "ERROR: Forest function level can't be higher than the domain function level(s). Please raise it/them first!"
sys.exit(1)
- # Deactivate mixed/interim forest support
- if level_forest_mixed != 0:
- m = ldb.Message()
- m.dn = ldb.Dn(samdb, "CN=" + lp.get("workgroup")
- + ",CN=Partitions,CN=Configuration," + domain_dn)
- m["nTMixedDomain"] = ldb.MessageElement("0",
- ldb.FLAG_MOD_REPLACE, "nTMixedDomain")
- samdb.modify(m)
-
m = ldb.Message()
m.dn = ldb.Dn(samdb, "CN=Partitions,CN=Configuration,"
+ domain_dn)
diff --git a/source4/setup/newuser b/source4/setup/newuser
index 422677c..10af55a 100755
--- a/source4/setup/newuser
+++ b/source4/setup/newuser
@@ -60,4 +60,4 @@ creds = credopts.get_credentials(lp)
samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
credentials=creds, lp=lp)
-samdb.newuser(username, opts.unixname, password, force_password_change_at_next_login=opts.must_change_at_next_login)
+samdb.newuser(username, opts.unixname, password, force_password_change_at_next_login_req=opts.must_change_at_next_login)
diff --git a/source4/setup/setexpiry b/source4/setup/setexpiry
index 6c6305c..1572555 100755
--- a/source4/setup/setexpiry
+++ b/source4/setup/setexpiry
@@ -61,4 +61,4 @@ creds = credopts.get_credentials(lp)
samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
credentials=creds, lp=lp)
-samdb.setexpiry(filter, days*24*3600, noexpiry=opts.noexpiry)
+samdb.setexpiry(filter, days*24*3600, no_expiry_req=opts.noexpiry)
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index a96991e..8aad26d 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -407,6 +407,7 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
}
DEBUG(0,("%s: using '%s' process model\n", binary_name, model));
+
status = server_service_startup(event_ctx, cmdline_lp_ctx, model,
lp_server_services(cmdline_lp_ctx));
if (!NT_STATUS_IS_OK(status)) {
@@ -425,7 +426,7 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
return 0;
}
- int main(int argc, const char *argv[])
+int main(int argc, const char *argv[])
{
return binary_smbd_main("samba", argc, argv);
}
diff --git a/testprogs/blackbox/test_kinit.sh b/testprogs/blackbox/test_kinit.sh
index 91f21f4..0a15802 100755
--- a/testprogs/blackbox/test_kinit.sh
+++ b/testprogs/blackbox/test_kinit.sh
@@ -69,7 +69,7 @@ echo $USERPASS > ./tmpuserpassfile
testit "set user password with kerberos ccache" $VALGRIND $net password set $DOMAIN\\nettestuser $USERPASS $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
-testit "enable user with kerberos cache" $VALGRIND $enableaccount nettestuser -H ldap://$SERVER -k yes $@ || failed=`expr $failed + 1`
+testit "enable user with kerberos cache" $VALGRIND $enableaccount nettestuser -k yes $@ || failed=`expr $failed + 1`
KRB5CCNAME="$PREFIX/tmpuserccache"
export KRB5CCNAME
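Review bot: With `-H ldap://$SERVER` removed, this step no longer contacts the server, so the name "enable user with kerberos cache" and the remaining `-k yes` no longer describe what is exercised, assuming `enableaccount` now only opens the local LDB as the commit message says. A pass here could be read as coverage of Kerberos-authenticated LDAP access that the test no longer provides. I would rename it, e.g. `testit "enable user on local LDB" $VALGRIND $enableaccount nettestuser $@ || failed=...`, and drop `-k yes` if the script ignores it.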
--
Samba Shared Repository